Fresh Banker Trojan Striking Banking Institutions within Japan - IBM

IBM the security vendor is warning of one fresh banking Trojan that is striking accountholders of twelve and more Japanese banks.

Named "Shifu," which means thief in Japanese, and circulating from April, if not earlier, the Trojan malware is created for attacking Japanese banks as well as culling e-banking systems within Europe. Presently, it is chiefly prevalent inside Japan targeting people with accounts in fourteen financial institutions.

According to security researchers, Trojan Shifu, an advanced malware, seemingly borrows many prominent malware programs' features. It utilizes certain domain generation algorithm a DGA very much like that of Trojan Shiz; techniques of anti-research and anti-security that are found in Zeus VM; a Dridex utilized type of configuration file; and Gozi's sneaky methodologies. It as well erases local restore position of the infected PC similar as what Worm Conficker carried out many years back.

Several things are included in Shifu. These are one web-inject parser and browser hooking, certificate grabber, screenshot grabber, keylogger, bot-control modules, RAT (remote access tool), and favorable applications that classify and monitor endpoints.

Senior Cyber-security Strategist Etay Maor of IBM remarked that an X-Force Research Group was continuously probing the malware's various styles of infection. Most probably, it proliferated through spamming schemes that resulted in infection points, he speculated. Theregister.co.uk reported this in news on September 1, 2015.

According to IBM's Cyber-security Evangelist Limor Kessem, in addition to Shifu's operators swindling bank accounts, they attack credit and debit card data. They also use Shifu for enforcing one RAM-scraping plug-in for garnering such card data. Further, Shifu is made to search digital signature details that certifying authorities provide to consumers of mercantile banking, especially within Italy, Kessem says. Scmagazineuk.com reported this in news on September 1, 2015.

Outlining one particular fact, Kessem states that Shifu's controllers apparently don't intend to give portions of their loot to anybody external to their gang.

In addition to the above details regarding Shifu, the 'source-of-origin' aspect of the Trojan isn't yet known. While a few say it's Russia, others think it's pretending as arising from Russia for defeating security professionals as cyber-crime most commonly originates from Russia.

» SPAMfighter News - 9/9/2015